IETF Logo Mail Archive

Re: [Tsv-art] [Ext] Tsvart last call review of draft-hoffman-dns-in-json-14

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 25 April 2018 07:10 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75C5012708C for <tsv-art@ietfa.amsl.com>; Wed, 25 Apr 2018 00:10:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.312
X-Spam-Level:
X-Spam-Status: No, score=-4.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iaeKa9CRGtfm for <tsv-art@ietfa.amsl.com>; Wed, 25 Apr 2018 00:10:34 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B5A6127078 for <tsv-art@ietf.org>; Wed, 25 Apr 2018 00:10:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1524640225; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ZEemHKY0GjXA1Fo+jFo8Vv/8M2kHif/98LDXDYh4p3A=; b=ViFgEy7PT6eZ+dOl1T9PRZwG8QrUS1ZSV3VNqtCDQEV02JHshERhUxYLRtSf1MBP LT5/xZGIEBVDhu00JQwkt70uiGJi2puwg2kn/CMQ9GYL95K4yV4NaUj9daeJige9 2BTx6eqqaqNYL5yl/g14H4/9z4COJ6QbnRsTF+J+FgI=;
X-AuditID: c1b4fb3a-d4dff7000000729c-2c-5ae029e1bf1b
Received: from ESESSHC005.ericsson.se (Unknown_Domain [153.88.183.33]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id E6.DF.29340.1E920EA5; Wed, 25 Apr 2018 09:10:25 +0200 (CEST)
Received: from [147.214.163.250] (153.88.183.153) by smtps.internal.ericsson.com (153.88.183.33) with Microsoft SMTP Server (TLS) id 14.3.382.0; Wed, 25 Apr 2018 09:10:24 +0200
To: Paul Hoffman <paul.hoffman@icann.org>
CC: "tsv-art@ietf.org" <tsv-art@ietf.org>, "draft-hoffman-dns-in-json.all@ietf.org" <draft-hoffman-dns-in-json.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <152458281508.28916.6332509153215192043@ietfa.amsl.com> <8D78B054-EF0D-4DEF-96D6-CF5D5B6045F9@icann.org>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <28cb67ef-03ff-37c1-64d3-612da944d304@ericsson.com>
Date: Wed, 25 Apr 2018 09:10:25 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <8D78B054-EF0D-4DEF-96D6-CF5D5B6045F9@icann.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
X-Originating-IP: [153.88.183.153]
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrALMWRmVeSWpSXmKPExsUyM2K7ou5DzQdRBk9fqltM2juV1eLZxvks Fr2TnjBazNqziMWBxePwhfssHkuW/GQKYIrisklJzcksSy3St0vgyui6yFrwT61i7rW9LA2M P+W6GDk5JARMJK6d/8PexcjFISRwhFHiQVcPM4SzhVFi/atPTCBVwgJeEnd/PWcFsUUENCU+ HNzNAmIzCyxklPg6yQvEFhIok+htPc0GYrMJWEjc/NEIZvMK2EvsubuKHcRmEVCV2D2lAWym qECMxI+jXSwQNYISJ2c+AbM5BWwlFt44AWRzAM23l3iwtQxilbzE9rdzmCFscYmmLytZIdZq SzQ0dbBCPKMkcX3edZYJjEKzkEydhTBpFpJJs5BMWsDIsopRtDi1uDg33chIL7UoM7m4OD9P Ly+1ZBMjMNwPbvlttYPx4HPHQ4wCHIxKPLzrgXEgxJpYVlyZe4hRgoNZSYR3r9y9KCHelMTK qtSi/Pii0pzU4kOM0hwsSuK8TmkWUUIC6YklqdmpqQWpRTBZJg5OqQZGDwWZ+BM/5mzeHH+N x0SnOPzGNr/yydpeckoM3nZLIzUag5vObQ49HK/0LHyz1oRZT7MmLC8UOywWy83y+tbRtsm6 KzoYjpoFH/23kL1vk9nD33OsNW31XiTHO/c9ufjBtX3rDukSPg3RUy8S5fPef5x4qD+GN2fh 1brDQZmvHGVSmXc8i36ixFKckWioxVxUnAgAen7KUXMCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/zZy-ZxAC78fgdJg7gEbEkfFZnKs>
Subject: Re: [Tsv-art] [Ext] Tsvart last call review of draft-hoffman-dns-in-json-14
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2018 07:10:35 -0000

Hi Paul,

See inline.


Den 2018-04-24 kl. 17:50, skrev Paul Hoffman:
> On Apr 24, 2018, at 8:13 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
>> Reviewer: Magnus Westerlund
>> Review result: Ready with Issues
>>
>> I've reviewed this document as part of TSV-ART's ongoing effort to
>> review key IETF documents. These comments were written primarily for
>> the transport area directors, but are copied to the document's authors
>> for their information and to allow them to address any issues raised.
>> Please always CC tsv-art at ietf.org if you reply to or forward this
>> review.
>>
>> Sorry for the late review. Looking at the document I did not find any
>> "transport" issues but another issue and some nits that I like to raise.
>>
>> Issue:
>>
>> Security Consideration
>>
>> I am missing a reference or discussion to that the contained values in this
>> format likely contain privacy sensitive information if it can be linked to who
>> the requester is.
> It is no more likely in this format than in any format that can be used for traffic logs. If there is a profile of this format that is to be used for traffic between an individual and a server, a privacy consideration in that profile could be warranted.

Exactly, it is the usage of this format that determines if it will be 
privacy sensitive or not. Thus, I think there is a need to note this 
possibility, and note that it is up to the profile / usage definition of 
this format to define what safe guards are needed. But, I think it is 
necessary to spend a paragraph to be explicit about the potential risk.

>
>> Nits:
>>
>> Section 2.5:
>>
>>    o  dateString - The date that the message was sent or received, given
>>       as a string in the standard format described in [RFC3339], as
>>       refined by Section 3.3 of [RFC4287]
>>
>> Why isn't RFC3339 and RFC4287 includes as normative references for this
>> specification. The above quote indicates that it would be required to look at
>> these RFCs to implement handling of this value?
> Given that all fields for this format are optional, I had a hard time deciding whether things like this would be normative or informative. I can move those refs after the IESG review.

To my understanding is that all things this specification defines, 
including optional fields or features where one needs to read/understand 
the reference is a normative reference.

Please see IESG statements on normative references, especially note 1:
https://www.ietf.org/blog/iesg-statement-normative-and-informative-references/


>
>> Section 2.5:  I wondered over this definition:
>>
>>    o  dateSeconds - The date that the message was sent or received,
>>       given as the number of seconds since 1970-01-01T00:00Z in UTC
>>       time; this number can be fractional
>>
>> It is not clear from how it is written, but I assume the format for this is a
>> JSON number, i.e. as defined in Section 6 of rfc8259?
> Yes.
>
>> Searching the document,
>> this appears to be the only defined value that uses numbers, is that correctly
>> noted?
> No. Almost everything in Section 2.1 (including the booleans!) are numbers.

This is not that clear. At least not to me. I have limited experience 
with JSON so I try to understand what is written rather than implicit.

    o  All members whose values that are always 16 bits or shorter are
       represented by JSON integers.  One-bit values are represented as
       JSON booleans.

There are no definition of JSON integers in RFC 8259 that I can find.
There is a single mention of integers in the Numbers section.

So maybe that needs to be defined so that it is clear.


>
>> Considering that fractional seconds, and the potential for overflow. Any
>> notes in the context of DNS representation about how small fractional values
>> that can be represented?
> This is a matter for JSON (and thus RFC 8259), not for this format, I believe.
>
> --Paul Hoffman

My view is that if there is an underlying limitation to this field 
value, then it would make sense to make that explicit, even if the JSON 
representation has no such limitation. You had no issue doing that 
limitation when it the field is a 16-bit unsigned integer for example. 
Also, it is a question if this encoding of the DNS message accepts loss 
of precision in the field's value. And that I can't judge I don't 
understand the utilization of this field to comment on it.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email